From 1d57bb44fb08c701f95c82ee3050c0b6f922878f Mon Sep 17 00:00:00 2001
From: "Alexander L." <lackner.alex@gmail.com>
Date: Fri, 27 Mar 2026 12:27:15 +0100
Subject: [PATCH] Update snowflake to v2.12.1 (#5218)

---
 snowflake/docker-compose.yml |  2 +-
 snowflake/umbrel-app.yml     | 50 ++++++++++++------------------------
 2 files changed, 18 insertions(+), 34 deletions(-)

diff --git a/snowflake/docker-compose.yml b/snowflake/docker-compose.yml
index eb726a2c..2fd397b9 100644
--- a/snowflake/docker-compose.yml
+++ b/snowflake/docker-compose.yml
@@ -7,7 +7,7 @@ services:
       APP_PORT: 3800
 
   proxy:
-    image: thetorproject/snowflake-proxy:v2.11.0@sha256:1ddc5069d35489a87257b90ccd6a93444e59a2dd3b9b240dbee75a578d6c92ca
+    image: thetorproject/snowflake-proxy:v2.12.1@sha256:53658adcf8183ed387a8abce383536f45d72b4688638e078d6c1686970199feb
     restart: on-failure
     stop_grace_period: 1m
     command: "-log /data/snowflake.log -verbose"
diff --git a/snowflake/umbrel-app.yml b/snowflake/umbrel-app.yml
index f5c51128..60240a44 100644
--- a/snowflake/umbrel-app.yml
+++ b/snowflake/umbrel-app.yml
@@ -2,7 +2,7 @@ manifestVersion: 1.1
 id: snowflake
 category: networking
 name: Tor Snowflake Proxy
-version: "v2.11.0"
+version: "v2.12.1"
 tagline: Help defeat internet censorship
 description: >-
   Snowflake is a system to defeat internet censorship. People who are
@@ -26,42 +26,26 @@ deterministicPassword: false
 torOnly: false
 releaseNotes: >-
   Various bugfixes and enhancements:
-    - Fix data race warnings for tokens_t
-    - Fix race condition in proxy connection count stats
-    - Make NATPolicy thread-safe
-    - Fix race conditions with error scope
-    - Fix race condition with proxy isClosing variable
-    - Issue 40454: Update broker metrics to count matches, denials, and timeouts
-    - Add proxy event and metrics for failed connections
-    - Issue 40377: Create CI artifact if shadow fails
-    - Issue 40438: Copy base client config for each SOCKS connection
-    - Fix minor data race in Snowflake broker metrics
-    - Issue 40363: Process and read broker SQS messages more quickly
-    - Issue 40419: delay before calling dc.Close() to improve NAT test on proxy
-    - Add country stats to proxy prometheus metrics
-    - Issue 40381: Avoid snowflake client dependency in proxy
-    - Issue 40446: Lower broker ClientTimeout to 5 seconds in line with CDN77 defaults
-    - Refactor out utls library into ptutil/utls
-    - Issue 40414: Use /etc/localtime for CI
-    - Issue 40440: Add LE self-signed ISRG Root X1 to cert pool
-    - Proxy refactor to simplify tokens.ret() on error
-    - Clarify ephemeral-ports-range proxy option
-    - Issue 40417: Fixes and updates to CI containers
-    - Issue 40178: Handle unknown client type better
-    - Issue 40304: Update STUN server list
-    - Issue 40210: Remove proxy log when offer is nil
-    - Issue 40413: Log EventOnCurrentNATTypeDetermined for proxy
-    - Use named return for some functions to improve readability
-    - Issue 40271: Use pion SetIPFilter rather than our own StripLocalAddress
-    - Issue 40413: Suppress logs of proxy events by default
-    - Add IsLinkLocalUnicast in IsLocal
-    - Fix comments
-    - Bump versions of dependencies
+    - Fix release pipeline issue from v2.12.0
+    - Disable periodic proxy stats when summary interval is set to zero
+    - Set country code to unknown when geolocation lookup fails
+    - Add support for covert DTLS transport in proxy and client
+    - Update pion WebRTC stack with security fix and performance improvements
+    - Have proxy poll only if the default relay is reachable
+    - Add support for multiple SQS channels
+    - Add back proxy churn measurement option at broker
+    - Add Prometheus metric for proxy answer counts
+    - Fix race condition in safe Prometheus metrics helper
+    - Clear map of seen proxy IP addresses to prevent unbounded growth
+    - Pull client IP from SDP for AMP cache rendezvous
+    - Fix missing labels in Docker image
+    - Simplify broker metrics and remove mutexes
+    - Update STUN server list and dependencies
 
 
   Release information: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/releases
 
 
-  Compare to v2.7.0: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/compare/v2.7.0...v2.11.0
+  Compare to v2.11.0: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/compare/v2.11.0...v2.12.1
 submitter: Umbrel
 submission: https://github.com/getumbrel/umbrel/pull/1284